NuKVM/libvirt
3
0
Fork 0
mirror of https://github.com/libvirt/libvirt.git synced 2025-02-12 08:25:58 -06:00
Code Issues Packages Projects Releases Wiki Activity

Fix virt-pki-validate's determination of CN

Browse Source 
Ubuntu's gntls package generates an Issuer line that looks like this:
        Issuer: C=US,ST=NY,L=Rochester,O=example.com,CN=example.com CA,EMAIL=hostmaster@example.com

While Red Hat's looks like this
Issuer: CN=Red Hat Emerging Technologies

Note the leading whitespace, and the additional fields in the former.

This patch updates the regular expression to:
 * trim leading characters before "Issuer:"
 * trim anything between Issuer: and CN=
 * trim anything after the next ,

I've tested this against the certool output of both RH and Ubuntu
generated certs.

Signed-off-by: Dustin Kirkland <kirkland@canonical.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
This commit is contained in:
Dustin Kirkland 2010-04-29 16:20:50 -05:00 committed by Eric Blake
parent 5b0aed68b0
commit c179a0f63c
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
tools/virt-pki-validate.in
View File

@ -130,7 +130,12 @@ then
echo "as root do: chmod 644 $CA/cacert.pem" echo "as root do: chmod 644 $CA/cacert.pem"
exit 1 exit 1
fi fi
ORG=`$CERTOOL -i --infile $CA/cacert.pem | sed -n '/Issuer/ s+Issuer: CN=++p'` sed_get_org='/Issuer:/ {
s/.*Issuer:.*CN=//
s/,.*//
p
}'
ORG=`$CERTOOL -i --infile $CA/cacert.pem | sed -n "$sed_get_org"`
if [ "$ORG" = "" ] if [ "$ORG" = "" ]
then then
echo the CA certificate $CA/cacert.pem does not define the organization echo the CA certificate $CA/cacert.pem does not define the organization